Breaking Cell Phone Authentication: Vulnerabilities in AKA, IMS, and Android

Website Maintenance Alert

Due to scheduled maintenance, the USENIX website may not be available on Monday, March 17, from 10:00 am–6:00 pm Pacific Daylight Time (UTC -7). We apologize for the inconvenience and thank you for your patience.

If you would like to register for NSDI '25, SREcon25 Americas, or PEPR '25, please complete your registration before or after this time period.

Authors: 

Jethro G. Beekman and Christopher Thompson, University of California, Berkeley

Abstract: 

Next generation IP telephony such as the IP Multimedia Subsystem (IMS) framework has been used to create Internet calling services which let cellular users make and receive calls even when without cellular reception. In this paper, we look at the security aspects of Internet calling services and other systems that use the 3GPP Authentication and Key Agreement (AKA) protocol for authentication, particularly focusing on the context of cellular authentication in Android. We describe a new man-in-the-middle attack on T-Mobile’s Wi-Fi Calling service, which is installed on millions of T-Mobile Android smartphones. We also describe three new attacks on AKA in the context of Internet calling and Android. We have worked with T-Mobile to fix the man-in-the middle vulnerability, and we present clear and actionable solutions to fix the remaining vulnerabilities.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {179197,
author = {Jethro Beekman and Christopher Thompson},
title = {Breaking Cell Phone Authentication: Vulnerabilities in {AKA}, {IMS}, and Android},
booktitle = {7th USENIX Workshop on Offensive Technologies (WOOT 13)},
year = {2013},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/woot13/workshop-program/presentation/beekman},
publisher = {USENIX Association},
month = aug
}
Download
Beekman PDF
View the slides

Presentation Video

Mute
Current Time 0:00
/
Duration Time 0:00
Loaded: 0%
Progress: 0%
Stream TypeLIVE
Remaining Time -0:00
 
Playback Rate
1
    Chapters
    • Chapters
    Subtitles
    • subtitles off
    Captions
    • captions off

    Presentation Audio